CVE-2022-31800 - Vulnerability Details

CVE-2022-31800 - Insufficient Verification of Data Vulnerability in PHOENIX CONTACT classic line industrial controllers

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Phoenixcontact	Axc 1050 Axc 1050 Firmware Axc 1050 Xc Axc 1050 Xc Firmware Axc 3050 Axc 3050 Firmware Fc 350 Pci Eth Fc 350 Pci Eth Firmware Ilc1x0 Ilc1x0 Firmware Ilc1x1 Ilc1x1 Firmware Ilc 1x1 Gsm\/gprs Ilc 1x1 Gsm\/gprs Firmware Ilc 3xx Ilc 3xx Firmware Pc Worx Rt Basic Pc Worx Rt Basic Firmware Pc Worx Srt Pc Worx Srt Firmware Rfc 430 Eth-ib Rfc 430 Eth-ib Firmware Rfc 450 Eth-ib Rfc 450 Eth-ib Firmware Rfc 460r Pn 3tx Rfc 460r Pn 3tx-s Rfc 460r Pn 3tx-s Firmware Rfc 460r Pn 3tx Firmware Rfc 470 Pn 3tx Rfc 470 Pn 3tx Firmware Rfc 470s Pn 3tx Rfc 470s Pn 3tx Firmware Rfc 480s Pn 4tx Rfc 480s Pn 4tx Firmware

Configuration 1 [-]

AND

cpe:2.3:o:phoenixcontact:axc_1050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_1050:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:phoenixcontact:axc_1050_xc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_1050_xc:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:phoenixcontact:axc_3050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_3050:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:phoenixcontact:fc_350_pci_eth_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fc_350_pci_eth:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:phoenixcontact:ilc1x0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:ilc1x0:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:phoenixcontact:ilc1x1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:ilc1x1:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:phoenixcontact:ilc_1x1_gsm\/gprs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:ilc_1x1_gsm\/gprs:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:phoenixcontact:ilc_3xx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:ilc_3xx:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:phoenixcontact:pc_worx_rt_basic_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:pc_worx_rt_basic:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:phoenixcontact:pc_worx_srt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:pc_worx_srt:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_430_eth-ib_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_430_eth-ib:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_450_eth-ib_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_450_eth-ib:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_460r_pn_3tx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_460r_pn_3tx:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_460r_pn_3tx-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_460r_pn_3tx-s:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_470_pn_3tx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_470_pn_3tx:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_470s_pn_3tx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_470s_pn_3tx:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_480s_pn_4tx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_480s_pn_4tx:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2022-025/

History

Wed, 03 Jun 2026 02:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-06-21T08:00:19.264Z

Updated: 2026-06-02T20:15:56.406Z

Reserved: 2022-05-30T00:00:00.000Z

Link: CVE-2022-31800

Vulnrichment

Updated: 2024-08-03T07:26:01.318Z

NVD

Status : Modified

Published: 2022-06-21T08:15:07.510

Modified: 2024-11-21T07:05:21.370

Link: CVE-2022-31800

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object